diff options
| author | Andrew Tridgell <tridge@samba.org> | 2003-02-06 05:42:19 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2003-02-06 05:42:19 +0000 |
| commit | b4776d89ea9861def5b9d491b3ec6b881d086505 (patch) | |
| tree | 63318e41031212fabf236217b16e6adf87473cb6 /source3/rpc_server | |
| parent | 68fdf96637b4f0b5ea3769988b1b865a14ef9fad (diff) | |
| download | samba-b4776d89ea9861def5b9d491b3ec6b881d086505.tar.gz samba-b4776d89ea9861def5b9d491b3ec6b881d086505.tar.bz2 samba-b4776d89ea9861def5b9d491b3ec6b881d086505.zip | |
added the LSA privileges server backend stubs. Right now they just log
what was requested.
(This used to be commit 64ac6c2bcb729c4658de48e929cc792681903ecc)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_lsa.c | 99 | ||||
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 81 |
2 files changed, 179 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 815de390ec..ace95e7308 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -642,6 +642,100 @@ static BOOL api_lsa_query_info2(pipes_struct *p) } + +/*************************************************************************** + api_lsa_enum_acctrights + ***************************************************************************/ +static BOOL api_lsa_enum_acct_rights(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_RIGHTS q_u; + LSA_R_ENUM_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_add_acctrights + ***************************************************************************/ +static BOOL api_lsa_add_acct_rights(pipes_struct *p) +{ + LSA_Q_ADD_ACCT_RIGHTS q_u; + LSA_R_ADD_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_remove_acctrights + ***************************************************************************/ +static BOOL api_lsa_remove_acct_rights(pipes_struct *p) +{ + LSA_Q_REMOVE_ACCT_RIGHTS q_u; + LSA_R_REMOVE_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + /*************************************************************************** \PIPE\ntlsa commands ***************************************************************************/ @@ -673,7 +767,10 @@ int rpc_lsa_init(void) { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, - { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 } + { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }, + { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, + { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights }, + { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights}, }; return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds, diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index fc51d7ef2f..7a2f5ae443 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1260,3 +1260,84 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I return r_u->status; } + + +/*************************************************************************** + For a given SID, enumerate all the privilege this account has. + ***************************************************************************/ +NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + char **rights = NULL; + int num_rights = 0; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + init_r_enum_acct_rights(r_u, num_rights, rights); + + return r_u->status; +} + +/*************************************************************************** + add privileges to a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + /* no backend yet - just print them */ + + DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", + sid_string_static(&q_u->sid.sid), q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + init_r_add_acct_rights(r_u); + + return r_u->status; +} + + +/*************************************************************************** + remove privileges from a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + + /* no backend yet - just print them */ + + DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", + sid_string_static(&q_u->sid.sid), + q_u->removeall, + q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + init_r_remove_acct_rights(r_u); + + return r_u->status; +} |